NoEscape attacks Carespring Health Care Management
NoEscape Ransomware Targets Carespring Health Care Management
NoEscape ransomware group has added Carespring Health Care Management to their victim list. They claim to have access to 364 GB of company data. Carespring facilities provide skilled nursing, memory care, rehabilitation, and independent or assisted living options throughout Cincinnati, Dayton, and Northern Kentucky.
The Emergence of NoEscape
NoEscape – assessed to be a spinoff of the disbanded Avaddon gang -- emerged in May of 2023 and operates as a Ransomware-as-a-Service (RaaS) and emerged with variants for targeting both Windows, Linux and VMware ESXi systems.
NoEscape provides affiliates with 24/7 technical support, communications, and negotiation assistance, as well as an automated RaaS platform update feature. Having just recently emerged, NoEscape has rapidly become one of the more prolific attack groups, with attack volume escalating significantly in the second quarter of 2023. It is unclear how high the typical NoEscape ransom demands tend to be, but it has been observed that profit sharing with affiliates is on par or even more attractive than other groups, with ransoms over $3 million netting 90/10 split with affiliates taking the lion’s share.
Technical Details of NoEscape Ransomware
NoEscape is written in C++ and is relatively unique in the space in that the developers opted to build the RaaS platform from scratch rather than rely on code reuse from other ransomware variants. NoEscape ransomware payloads support multiple encryption options ranging from extra fast to extra strong encryption and leverages RSA and ChaCHA20 encryption algorithms with a single key for all impacted files for faster decryption of a ransom is paid. NoEscape can operate in safe mode to bypass security tools, terminate processes, erase VSS shadow copies and system back-ups to thwart recovery efforts, and abuse Windows Restart Manager to circumvent processes not terminated.
Target Industries and Operations
NoEscape operations target a wide array of industry verticals with a focus on Professional Services, Manufacturing, Information Technology and Healthcare. NoEscape offers its RaaS platform to affiliate attackers and operations typically include data exfiltration or other actions to be leveraged in double extortion schemes such as a denial-of-service option for a hefty additional fee to the affiliate. NoEscape maintains a TOR-based leaks site to name-and-shame victims.
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!